CISA Flags Actively Exploited Vulnerabilities in SolarWinds Web Help Desk and Major Platforms
CISA added multiple vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, triggering mandatory remediation timelines for U.S. federal civilian agencies. The newly listed issues include an actively exploited flaw in SolarWinds Web Help Desk (CVE-2025-40536) with an accelerated patch deadline, alongside additional KEV additions affecting Apple platforms (iOS, macOS, tvOS, watchOS, visionOS), Microsoft products, and Notepad++. For the Apple flaw, Apple stated it was aware of reports that the issue “may have been exploited in an extremely sophisticated attack against specific targeted individuals,” with Google Threat Analysis Group credited with discovery, underscoring continued targeting of high-value users via mobile/endpoint zero-days.
Separate reporting highlighted the broader operational context driving these directives: Microsoft’s February security update addressed 59 vulnerabilities, including six zero-days under active exploitation, reinforcing that exploit timelines are compressing and patching is increasingly a “defense sprint.” In parallel, CISA also moved to reduce systemic exposure at the perimeter by ordering agencies to remove unsupported network edge devices (e.g., firewalls/routers) within a year, reflecting concern that end-of-support infrastructure and rapidly weaponized vulnerabilities are converging into a persistent, high-impact federal risk.
Related Stories
CISA Adds Apple WebKit and Gladinet CentreStack Vulnerabilities to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-43529, a use-after-free vulnerability in Apple’s WebKit engine affecting multiple Apple products, and CVE-2025-14611, a hard-coded cryptographic key vulnerability in Gladinet CentreStack and Triofox. These vulnerabilities have been identified as significant risks due to evidence of active exploitation, prompting CISA to require Federal Civilian Executive Branch agencies to remediate them by specified deadlines under Binding Operational Directive 22-01. CISA also strongly encourages all organizations, not just federal agencies, to prioritize remediation of these vulnerabilities to reduce exposure to cyberattacks. Recent reports indicate that the Apple WebKit vulnerability (CVE-2025-43529) has been exploited in highly targeted attacks, likely involving nation-state actors and commercial spyware vendors, with a focus on high-value individuals. Apple and Google both released urgent security updates in response to these attacks, though details remain limited. The WebKit flaw allows attackers to trigger memory corruption through specially crafted web content, potentially leading to arbitrary code execution. The Gladinet CentreStack and Triofox vulnerability involves hard-coded cryptographic keys, which could be leveraged by attackers to compromise affected systems. Organizations are urged to apply available patches and follow CISA’s guidance to mitigate these threats.
3 months ago
CISA Flags Actively Exploited Microsoft Configuration Manager RCE (CVE-2024-43468)
The U.S. Cybersecurity and Infrastructure Security Agency (**CISA**) added **CVE-2024-43468** to its Known Exploited Vulnerabilities (KEV) catalog after determining the flaw is being **actively exploited in the wild**. The vulnerability is a **critical (CVSS 9.8) SQL injection** in *Microsoft Configuration Manager* (ConfigMgr/SCCM) that can allow an **unauthenticated remote attacker** to achieve **remote code execution** by sending specially crafted requests, enabling command execution on the ConfigMgr server and/or its underlying site database with **high/`SYSTEM`-level impact**. CISA set a remediation deadline of **March 5** for U.S. Federal Civilian Executive Branch agencies under its Binding Operational Directive requirements; public reporting noted Microsoft’s advisory had previously assessed exploitation as “less likely,” and Microsoft had not (as of reporting) publicly detailed the threat actors or scope of exploitation. The issue was originally patched by Microsoft in **October 2024** after being reported by **Synacktiv**, and proof-of-concept exploit code was later published (including by Synacktiv), lowering the barrier to weaponization. Separate CISA KEV updates the same week also drove patching urgency across other widely deployed products (including **SolarWinds Web Help Desk** and multiple **Apple** platforms for a reportedly “extremely sophisticated” targeted attack), reinforcing that organizations should treat KEV additions as a high-confidence signal to accelerate patching and exposure reduction—particularly for internet-reachable management tooling like ConfigMgr that can provide broad administrative control if compromised.
1 month ago
CISA Adds Omnissa Workspace ONE, SolarWinds Web Help Desk, and Ivanti EPM Flaws to KEV Catalog
CISA added three vulnerabilities to its **Known Exploited Vulnerabilities (KEV) Catalog** based on evidence of active exploitation: **CVE-2021-22054** (Omnissa *Workspace ONE UEM* / formerly VMware Workspace ONE UEM, **SSRF**), **CVE-2025-26399** (SolarWinds *Web Help Desk*, **deserialization of untrusted data** in `AjaxProxy` enabling command execution), and **CVE-2026-1603** (Ivanti *Endpoint Manager (EPM)*, **authentication bypass**). CISA reiterated that KEV-listed issues are common intrusion vectors and that Federal Civilian Executive Branch (FCEB) agencies must remediate per **BOD 22-01** deadlines, while strongly urging all organizations to prioritize patching/mitigation of KEV entries as part of vulnerability management. CISA’s public KEV data repository was updated to reflect the 2026-03-09 catalog release, increasing the catalog count and adding records for the newly listed CVEs, including short descriptions, required actions, and remediation due dates (e.g., **2026-03-23** for CVE-2021-22054 and **2026-03-12** for CVE-2025-26399). Separate reporting about CISA warning on exploited **Apple** vulnerabilities (macOS/iOS/iPadOS/Safari) describes a different set of CVEs and does not align with the KEV additions in this alert.
5 days ago